terraform-provider-oci: terraform doesn't allow update password and whitelist at the same time
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform Version and Provider Version
Terraform v1.4.0 on linux_amd64
- provider registry.terraform.io/hashicorp/random v3.4.3
- provider registry.terraform.io/oracle/oci v4.111.0
Affected Resource(s)
oci_database_autonomous_database
Terraform Configuration Files
# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file.
# Please remove any sensitive information from configuration files before sharing them.
resource "random_password" "this" {
  length = 16
  lower = true
  upper = true
  special = true
  numeric = true
  min_lower = 1
  min_upper = 1
  min_numeric = 1
  min_special = 1
  override_special = "!#$%*()-_=+[]{}:?"
  keepers = {
    trigger = timestamp()
  }
}
resource "oci_database_autonomous_database" "primary" {
  #Required
  compartment_id = var.compartment_ocid
  db_name = var.name
  ...
  admin_password = random_password.this.result
  whitelisted_ips = var.whitelisted_ips
}
Expected Behavior
With keepers set in random password resource, the password always changes whenever This should work along with any other updatable arguments. To make it worse, the terraform plan did NOT fail.
Actual Behavior
There is no reason password change cannot be updated along with any other updatable arguments.
Steps to Reproduce
- Use the sample code snippet above to update ADB password and whitelisted_ips at the same time. Even though terraform plan succeeded, terraform apply will fail with the following error:
│ Error: 400-InvalidParameter, Cannot update the Autonomous Database password and the white list ips at the same time.
│ Suggestion: Please update the parameter(s) in the Terraform config as per error message Cannot update the Autonomous Database password and the white list ips at the same time.
│ Documentation: https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/database_autonomous_database
│ API Reference: https://docs.oracle.com/iaas/api/#/en/database/20160918/AutonomousDatabase/UpdateAutonomousDatabase
About this issue
- State: closed
- Created a year ago
- Comments: 18 (16 by maintainers)
Hi @xiaoditao1, understood it's by design; however, this, among other similar behaviors I observed on this resource, completely defies the purpose of terraform. Terraform code is like a blueprint of the infrastructure, meaning I, as a user, only need to put in what we want, then your code should handle the rest. In this case, even though the password cannot be updated at the same time as per your database specification, in your code, you should handle this condition so that the password update and other conflicting updates are done in sequence. This work should not be passed onto users like us.
Another example is the way local standby is enabled, which doesn't even allow us to code it inside a root module so that both primary and local standby can be created in one go.
Both examples, among others, show that this particular resource, from a workflow perspective, is NOT a terraform resource, but a traditional script under the hood, which is very bad. In fact, among all the terraform resources I have been working on over the years among 4 CSPs (GCP/Azure/AWS/OCI), this is the worst in terms of workflow handling. It does not follow what the normal terraform workflow should be. On top of that, the terraform plan on this resource is also almost completely crippled due to lack of input/dependency checks and error handling at the db resource level, which I have also reported on the other ticket. All these need to be addressed to meet terraform and production standards.
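A plan-time guard for the conflict reported in this issue, added here as an example (not code from the OCI provider or from the reporter): it reads the JSON form of a saved plan (`terraform show -json`) and flags in-place updates that change both `admin_password` and `whitelisted_ips`, treating values that are unknown until apply as changed. The helper names and the sample plan are constructed for illustration.

```python
import json
import sys

RESOURCE_TYPE = "oci_database_autonomous_database"
CONFLICTING = ("admin_password", "whitelisted_ips")

def has_unknown(value):
    """after_unknown marks unknown leaves with true; known ones are false or absent."""
    if isinstance(value, dict):
        return any(has_unknown(v) for v in value.values())
    if isinstance(value, list):
        return any(has_unknown(v) for v in value)
    return value is True

def changed(change, attr):
    """An attribute changes if it is unknown until apply or differs before/after."""
    if has_unknown((change.get("after_unknown") or {}).get(attr)):
        return True  # e.g. a random_password result that is being regenerated
    return (change.get("before") or {}).get(attr) != (change.get("after") or {}).get(attr)

def conflicting_updates(plan):
    """Addresses of in-place updates that change both attributes in one apply."""
    hits = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") != RESOURCE_TYPE or change.get("actions") != ["update"]:
            continue
        if all(changed(change, attr) for attr in CONFLICTING):
            hits.append(rc["address"])
    return hits

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "oci_database_autonomous_database.primary", "type": RESOURCE_TYPE,
     "change": {"actions": ["update"],
                "before": {"admin_password": "constructed-old", "whitelisted_ips": ["10.0.0.0/24"]},
                "after": {"whitelisted_ips": ["10.0.0.0/24", "10.0.1.0/24"]},
                "after_unknown": {"admin_password": True, "whitelisted_ips": [False, False]}}},
    {"address": "oci_database_autonomous_database.other", "type": RESOURCE_TYPE,
     "change": {"actions": ["update"],
                "before": {"admin_password": "constructed-pw", "whitelisted_ips": ["10.0.0.0/24"]},
                "after": {"admin_password": "constructed-pw", "whitelisted_ips": ["10.0.2.0/24"]},
                "after_unknown": {"whitelisted_ips": [False]}}},
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    bad = conflicting_updates(plan)
    print("\n".join(f"{a}: password and whitelist change together" for a in bad))
    sys.exit(1 if bad else 0)
```

Run against a real plan by passing the path of a file produced with `terraform show -json`; a non-zero exit lets a pipeline stop before `terraform apply`.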